Skip Navigation Links 

U of A University Information Technology Services

Was this page helpful?
 [+]





...Or log into AskIT
and request help.

 

Password Protected Web Pages

Use .htaccess on comp.uark.edu and cavern.uark.edu to password protect a subdirectory in your account. Even if you just want to protect one web page or file, you need to create a new directory.  If you apply this protection at the root of your account then your entire web site will require a password before it can be viewed on the Web.  All files in the subdirectory will be subject to the password protection. 

  1. Create the directory to be password protected.
    1. SSH to your account (SSH Secure Shell for Windows or Macintosh SSH).
      If you are on comp.uark.edu, make sure to change into the public_html directory first (by typing cd public_html). 
      To make a directory, at the server prompt, (either comp% or cavern% unless you've changed your default shell) type:
      mkdir directoryname
      where "directoryname" is the name that you have chosen for the new directory.
      Then press Enter. You will be returned to the server prompt.
    2. Now you need to change into that directory.  Type:
      cd directoryname
      where "directoryname" is the name that you have chosen for the new directory.
  2. Next, you will create the .htaccess file in your account using Pico, a Unix text editor.
    1. First, you need to find your path from the server root. From the directory you created, type:
      pwd
      it will return a path that will resemble this example: 
      /export/home1/comp/username
      Copy that path; you will need it for the .htaccess file.
    2. At the server prompt, type:
      pico .htaccess
    3. That will open a blank file. Type or copy the following into the file:
      AuthUserFile /path/.htpasswd
      AuthGroupFile /dev/null
      AuthName "Window Name"
      AuthType Basic

      require user username
      make sure that none of the lines wrap.
      Replace "path" with your path (make sure there is one space after AuthUserFile and no spaces or quotes in the path to the .htpasswd). "Window Name" is the title of the login box that pops up for authentication.  Replace "username" with the username that you will use in step 3.1. Multiple usernames can be listed with spaces between.
    4. Exit the file by pressing keys Ctrl and x. It will prompt you to "Save the Modified Buffer". Press y for yes. Then it will ask "File name to write:". Press Enter to accept the name you already assigned it.
  3. Next, you will create the .htpasswd file and assign an encrypted password to the username you choose.
    1. At the server prompt, type:
      htpasswd -c .htpasswd username
      where "username" is the username that you typed into the .htaccess file.
    2. You will be prompted twice to enter the password for the directory.
    3. You have the option to use more than one username and each with seperate passwords.  To add another username to the list at the server prompt, type:
      htpasswd .htpasswd username
      the "-c" operator creates the file each time, so if you use it a second time it will overwrite the previous .htpasswd file.
  4. Finally, you need to set read permissions on both of the files just created. At the server prompt, type:
    chmod a+r .ht*
    the star is a wildcard and will allow the statement to work on both files.
    That's it. You can close SSH and go test your web page.  From now on, any web page or file you put in that directory will be password protected.

 
 
Thank you for visiting UITS. This page can be found at:
http://uits.uark.edu/web/index_4758_ENG_HTML.htm